ACE probe question

I have a couple of servers that were hardened by our web guru. They are locked down pretty tight and refuse to give up information easily. I'm new to the cisco ACE and I'm trying to figure out if my statements are correct and the servers are locked down funny, or if I have the statements wrong/missing something in the probe itself.

Please note that i can get the servers I want just fine if I don't put the probe in. The file /index.shtml fine. I'm using head here because I don't care if the page is completely formed, just that it exists and there are some largish files on the page and I don't care to download the whole thing.

So I have the probe set in the serverfarm only (the rservers are currently set to "inservice" with no probe)

so the serverfarm has "probe ProdServerProbe"

the definition for the "Prod ServerProbe" is as follows

probe http ProdServerProbe
  interval 30
  passdetect interval 60
  request method head url /index.shtml
  open 1

One thing I didn't get from the documentation (maybe I didn't read it well is) is whether passdetect inverval needs to be greater than interval

The server does have a /index.shtml
The server does respond to http on port 80
I can "bypass" the ACE by typing in the URL and I can see the page just fine
If I turn off probing the site seems to work just fine.

Please let me know if my config is screwy or if this is just a case of the server being locked down more than the ACE can bypass.
donackerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rcolchesterCommented:
Hi there,

can you paste an output of

"show probe ProdServerProbe detail"

and

"show serverfarm ##name##"

here?

It sounds like the probes might not be detecting the server as OPERATIONAL at all.

Rupert.
0
donackerAuthor Commented:
I have included this. I was aware that it was not "connecting" what I'm trying to ascertain is as follows:

--------------------------------------------------------------------------------------------------------------------------
Is  the probe I posted above configured in such a way it will always fail, or does that probe look like it should work. If it should work than  I am likely to assume that the problem is the way that these servers were tweaked.
---------------------------------------------------------------------------------------------------------------------------

The following output is shown


show probe ProdServerProbe detail

 probe       : ProdServerProbe
 type        : HTTP
 state       : ACTIVE
 description :
----------------------------------------------
   port      : 80      address     : 0.0.0.0         addr type  : -          
   interval  : 30      pass intvl  : 60              pass count : 3    
   fail count: 3       recv timeout: 10  
   http method      : HEAD
   http url         : /index.shtml
   conn termination : GRACEFUL  
   expect offset    : 0         , open timeout     : 1        
   expect regex     : -
   send data        : -
                ------------------ probe results ------------------
   associations ip-address      port  porttype probes   failed   passed   health
   ------------ ---------------+-----+--------+--------+--------+--------+------
   serverfarm  : ProdServers
     real      : ProdWeb1-Pri[80]

     real      : ProdWeb1-Sec[80]

     real      : ProdWeb2-Pri[80]

     real      : ProdWeb2-Sec[80]
                10.10.10.202    80    REAL     4977     4977     0        FAILED

   Socket state        : CLOSED
   No. Passed states   : 0         No. Failed states : 1
   No. Probes skipped  : 0         Last status code  : 403
   No. Out of Sockets  : 0         No. Internal error: 0
   Last disconnect err : Received invalid status code
   Last probe time     : Mon Apr  5 05:29:43 2010
   Last fail time      : Fri Apr  2 09:22:16 2010
   Last active time    : Never

     real      : ProdWeb3-Pri[80]

     real      : ProdWeb3-Sec[80]


show serverfarm ProdServers

 serverfarm     : ProdServers, type: HOST
 total rservers : 6
 ---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: ProdWeb1-Pri
       10.10.10.101:80       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb1-Sec
       10.10.10.201:80       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb2-Pri
       10.10.10.102:80       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb2-Sec
       10.10.10.202:80       8      PROBE-FAILED 0          17         0
   rserver: ProdWeb3-Pri
       10.10.10.103:80       8      OUTOFSERVICE 0          0          0
   rserver: ProdWeb3-Sec
       10.10.10.203:80       8      OUTOFSERVICE 0          0          0
0
rcolchesterCommented:
Hi donacker,

Thanks for the output.

The probe is failing with error code 403:
"Last status code  : 403"
"Last disconnect err : Received invalid status code"

403 indicates that the address if forbidden. It doesn't bode well, but you'll also need to configure an expected status code as per the attached code. My example marks only the 200 OK status (range 200-200) as a successful probe.

As a test you could change the range to 200-403. The probes should then succeed and mark your server as ACTIVE. This won't solve the problem of the forbidden page, which will either be down to a non-existent page (unlikely based on what you've said) or a permission problem (quite possible based on what you've said!).

Hope this helps.

probe http ProdServerProbe
  interval 30
  passdetect interval 60
  request method head url /index.shtml
  expect status 200 200
  open 1

Open in new window

0
donackerAuthor Commented:
Considering the fights I've had with this unit whenever urls come into play let me verify that I have correctly written the page in the request method.

If I have www.example.com/index.shtml

do I enter

1) index.shtml
2) /index.shtml
3) www.example.com/index.shtml
4) http://www.example.com/index.shtml
0
rcolchesterCommented:
2..
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Operations

From novice to tech pro — start learning today.